eddorre

Found 2 posts tagged with 'openvpn'

Remote Network Access - Part II

April 24, 2007 — 0 Comments

Things are looking up on the OpenVPN front. I’ve successfully connected both my MacBook and my Vista machine to it from a remote network.

I also understand why my MacBook started to overheat. More on that at the end of the post.

A normal PPTP VPN works by assigning your computer an IP address on the remote LAN.

OpenVPN has two modes of operation: bridging mode and routing mode. Bridging mode works exactly like a standard PPTP VPN server. It assigns an IP address from the remote LAN to a virtual TUN adapter.

Routing mode is very different. Using routing mode, the server assigns a private, non-routable address to a virtual TAP adapter on both the client machine and the server machine. This address is not on the private network that the server resides on.

For example, let’s say that your server has an IP address of 192.168.1.2. Using your SOHO router you forward port 1194 (UDP) to the VPN server.

The TAP adapter created on the server, using the default configuration, would receive the IP address of 10.8.0.1 and the client machine would receive the address of 10.8.0.5.

At this time, a private tunnel has been created and you can communicate with the server and only the server. In order to participate on the remote LAN (192.168.1.0/24), you have to alter the routing table on the client machine.

OpenVPN can alter the routing table for you by including in the client config file. What this does is route all information that is destined for the 192.168.1.0/24 network through the virtual TAP adapter (10.8.0.5).

If this wasn’t enough, you still can’t communicate with the remote LAN. You have to set up IP forwarding on the OpenVPN server and set up a static route on the SOHO router that sends anything destined for 10.8.0.0/24 through 10.8.0.1.

Whew. Understandably, bridging mode is the easier of the two. After this has been completed, you should be able to access machines on the remote LAN.

I haven’t really explained why my laptop was freaking out. I had an idea, but I didn’t confirm it until yesterday.

To simulate coming in from a remote network, I was using my MacBook wirelessly. My wireless network is behind its own router that is behind my SOHO router (see diagram of network).

The short of it is that in my client configuration I was initially connecting to the OpenVPN server at 192.168.1.8, but then the server pushed routing information that said to send everything destined for 192.168.1.0/24 down the VPN tunnel.

I essentially created a huge network loop. My poor MacBook never had a chance.

I can make it work the way the old configuration did; I just have to switch from routing mode to bridging mode.
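A small sanity check for the loop described above, added here as an example and not code from the post: it parses the `remote` and `route` directives of an OpenVPN client config and flags a route that would swallow the VPN endpoint itself, or one that overlaps the 10.8.0.0/24 tun subnet. The configs are constructed from the post's addresses; 203.0.113.10 is an assumed placeholder for the SOHO router's public address.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample configs. 192.168.1.8 is the server's LAN address from
# the post; 203.0.113.10 is an assumed placeholder for the public address.
LOOPING_CLIENT_CONF = """
remote 192.168.1.8 1194 udp
dev tun
route 192.168.1.0 255.255.255.0
"""

REMOTE_CLIENT_CONF = """
remote 203.0.113.10 1194 udp
dev tun
route 192.168.1.0 255.255.255.0
"""

# OpenVPN's default routed-mode tunnel subnet (server 10.8.0.1, first client 10.8.0.5).
TUNNEL_SUBNET = ipaddress.ip_network("10.8.0.0/24")


def parse_directives(conf: str) -> Tuple[List[str], List[ipaddress.IPv4Network]]:
    """Return (remote endpoints, routed networks) from client config text."""
    remotes, routes = [], []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not parts:
            continue
        if parts[0] == "remote" and len(parts) >= 2:
            remotes.append(parts[1])
        elif parts[0] == "route" and len(parts) >= 3:
            # route <network> <netmask> [gateway]; ipaddress accepts dotted netmasks
            routes.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return remotes, routes


def check_routes(conf: str, tunnel=TUNNEL_SUBNET) -> List[str]:
    """Flag routes that capture the VPN endpoint (the loop) or overlap the tunnel."""
    problems = []
    remotes, routes = parse_directives(conf)
    for host in remotes:
        try:
            endpoint = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname: resolved at connect time, cannot check statically
        for net in routes:
            if endpoint in net:
                problems.append(f"remote {endpoint} lies inside routed {net}: "
                                "packets to the server would enter the tunnel (loop)")
    for net in routes:
        if net.overlaps(tunnel):
            problems.append(f"route {net} overlaps tunnel subnet {tunnel}")
    return problems
```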

Remote Network Access

April 22, 2007 — 0 Comments

After completing my previous project (read The Warhawk Flies), I embarked on my next project: remote access to my network.

Previously, I was using Windows 2000’s RRAS to create a PPTP VPN and it served me well for years.

Eventually, all good things come to an end and so it was with that VPN server. Windows 2000 is already in extended support with Microsoft and soon it won’t be supported at all. Seeing the writing on the wall, I decided that this was the time to retire it and move onto something else.

I decided to set my sights on OpenVPN, a free, open-source SSL (Secure Sockets Layer) based VPN.

Instead of PPTP or IPSec, OpenVPN makes use of public key cryptography (the same thing your bank uses to secure your transactions over the web) via the already established OpenSSL libraries to encrypt the data sent between the remote host and the VPN server.

I’m in the final testing phases of the implementation and what I’ve seen isn’t encouraging. Using Debian Linux as my server, installing and configuring OpenVPN was simpler than I thought.

The initial connection to the server was simpler than I thought too. Unfortunately, this initial connection only allows me to communicate to the server without being able to communicate to the machines behind it. In order to do that, I instruct the server to “push” some static routes to the remote machine.

This should work much like my old PPTP implementation did (read How to Setup a PPTP Encrypted Wireless Network). I’m not sure what causes it, but as soon as the server instructs the client to add the static routes to its routing table, the log starts to fill up with error messages.

The error message reads: “write UDPv4 [ ]: No buffer space available (code=55)”

More disturbing than the log filling with errors is the performance of my client machine (MacBook 1.83 Intel Core 2 Duo with 1 GB of memory using Tunnelblick as the OpenVPN client) after the errors start appearing.

After 30 seconds to a minute, the CPU will start to go haywire and the fans will turn on to try to prevent the CPU from overheating. My normally cool CPU, which runs at ~50 degrees Celsius (122 degrees F), will jump to the ~78 degrees Celsius (172 degrees F!!) range. I haven’t stood around to see what happens if I let things run. Usually when I hit this point, I just reboot the MacBook (stopping the Tunnelblick process didn’t seem to do anything).

The ultimate test comes tomorrow when I attempt to connect to the server from outside my own network. We’ll see what happens.